Hello list,
I've tried to find on the Internet something that answers my question but I didn't
find it, so may be somebody there could give me a hand.
I've got an antivirus system working as proxy. It sends HTTP/1.0 requests splitted
in two different segments:
--------------------------------
Antivirus > IIS 5.0: SYN
IIS 5.0> Antivirus : SYN, ACK
Antivirus > IIS 5.0: ACK
Antivirus > IIS 5.0: HTTP request (part 1)
GET / HTTP/1.0 [cr][lf]
User-Agent: Wget/1.8.1 [cr][lf]
Host: x.x.x.x [cr][lf]
Accept: */* [cr][lf]
Forwarded: by (proxy) [cr][lf]
connection: close [cr][lf]
IIS 5.0> Antivirus : ACK
Antivirus > ISS 5.0: HTTP request (part 2)
[cr][lf]
ISS 5.0> Antivirus : ACK
ISS 5.0> Antivirus : HTTP Error
HTTP/1.1 500 Server Error
Server: Microsoft-IIS/5.0
Date: Wed, 14 Jan 2004 07:54:10 GMT
Content-Type: text/html
Content-Length: 102
<html><head><title>Error</title></head><body>The system
cannot find the file specified. </body></html>
--------------------------------
As shown above, the first HTTP request corresponds to the HTTP headers and the second
one
contains a plain [cr][lf]. Some servers accept this kind of request but some others
don't. All "500: Server Error" messages come from IIS 5.0 servers.
Since this two segments should arrive in the webserver software as a unique flow
reconstructed by the TCP layer, it shouldn't make any difference between using one or
two
TCP segments. However, I've tested this by sending only one TCP segment that includes
the
last [cr][lf] and I could get the a succesful response from the server.
Has anybody experimented this problem before?
Thanks in advance,
Emilio
--
Emilio Mira
e-mail: [EMAIL PROTECTED]
